这包括若干安全增强,例如关闭脚本漏洞和欺骗保护。而且,大部分增强不会影响您的工作,除非您正打算编写恶意代码。
Several security enhancements are included, from closing script vulnerabilities to phishing protection, but most of them won't affect your work unless you happen to be writing malicious code.
常见的黑客脚本是否能够找到被忽视的漏洞?
Can common hacking scripts find holes that have been overlooked?
这样可以通过禁用浏览器脚本和IE低安全等级的设置,保护浏览器免受通过已知漏洞发起的攻击。
This should protect against all known exploits of this vulnerability by disabling scripting and disabling less secure features in IE.
如果应用程序有xss漏洞,攻击者就可能会发送能被应用程序执行的恶意脚本,导致XSS侵入。
If the application has XSS holes, the attacker may send a malicious script that can still be executed by the application and lead to XSS intrusions.
通过确保按需脚本被验证并确保从那些脚本生成的内容被适当编码以阻止恶意代码的执行,您可以避免这类漏洞。
You can prevent this vulnerability by ensuring that on-demand scripts are validated and that content generated from the scripts is encoded properly to prevent execution of malicious code.
因为在脚本中并不真正需要初始化这些变量,所以很容易编写出带有安全漏洞的脚本。
These variables don't really require initialization in your scripts, so it's easy to write scripts with gaping security holes.
观察这些失败的现象也可以帮助你识别你的 IBM Rational Robot VU 脚本中的HTTP连接漏洞。
Watching for these failure symptoms will also help you identify HTTP connection leaks in your IBM Rational Robot VU scripts.
入侵者欺骗Web站点在浏览器中显示入侵者要该站点执行的脚本,通过这样来利用此漏洞。
Intruders take advantage of this hole by tricking a Web site into displaying in the browser a script that the intruder wants the site to execute.
按需脚本可能包含打算攻击XSS等安全漏洞的恶意代码。
On-demand scripts can include malicious code aimed at exploiting security vulnerabilities such as XSS.
保护跨站点脚本(Cross-site scripting,XSS)漏洞。
Protection against cross-site scripting (XSS) vulnerabilities.
通过HttpOnly属性进行的cookie保护在默认情况下处于启用状态,以便通过阻止脚本访问特定cookie来减少跨站点漏洞。
Cookie protection via HttpOnly attribute is enabled by default to reduce cross-site vulnerabilities by preventing a script from accessing a specific cookie.
第一个漏洞是最流行的:跨站脚本编程(cross-site scripting,XSS)。
The first is by far the most popular: cross-site scripting (XSS).
它不能抵御第三方脚本或服务器中的安全漏洞。
It cannot defend against vulnerabilities in third-party scripts or servers.
可信网站可能被利用以发起利用多个漏洞运转的复杂的脚本攻击。
Trusted websites can be compromised and used to launch complex script-based attacks that cycle through multiple exploits.
在看出这些脚本对黑客和漏洞是多么脆弱之后。
After seeing how vulnerable these scripts are to hackers and security holes.
用户浏览诸多网站时,该漏洞可导致允许来袭者运行恶意脚本,进而导致信息泄露。
The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure.
所有安装在网站上的CGI脚本程序都有可能包含漏洞,每个漏洞都是一个潜在的安全漏洞。
Any CGI script installed at your site may contain bugs, and every such bug is a potential security hole.
JSONP运行在一个安全漏洞中。通过向您的网页动态添加新的脚本代码,然后执行内容。
JSONP operates by dynamically adding a new script tag into your page and then executing the contents.
各种入侵思路与技术和漏洞利用交流、让你成为脚本安全攻防高手。
An exchange of intrusion ideas, techniques and exploits that will make you a master of script security attack and defense.
These Fuzzers可以测试错误的应用,协议,文件等,被广泛用于寻找新的漏洞一样溢出攻击,SQL注入和跨站脚本。
These fuzzers can test applications, protocols, files, etc. for errors and are widely used to find new vulnerabilities such as buffer overflow, DoS, SQL injection and XSS.